Search Results

Search found 88705 results on 3549 pages for 'web application security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 154/3549 | < Previous Page | 150 151 152 153 154 155 156 157 158 159 160 161  | Next Page >

  • NHibernate / ORM - Child Update over Web Service

    - by tyndall
    What is the correct way to UPDATE a child object with NHibernate but not have to "awake" the parent object. Lets say you would like to try to avoid this because the parent object is large or expensive to initiate. Lets assume classes are called Author(parent) and Book(child). (still, trying to avoid instantiating Author) Book comes back over a web service as XML. It gets deserialized back into a CLR object. Book has an AuthorId property which allows this to happen. But it also has a Author property. Problem, comes when you try to SaveOrUpdate() Book and the author_id in the database gets wiped out because the Author was null when the object gets deserialized. This seems like this would be a common problem. What is the workaround? Also, if you instantiate the Author and it has a Books property. The book you are trying to update is already one of these books (List<Book>). We have also run into the "a different object with the same identifier value was already associated with the session" problems. What is the standard process to update a child over a web service?

    Read the article

  • Creating a consumer of a Web Service WSDL/SOAP

    - by Azzi
    I am attempting to write a Windows Desktop App (using WCF) that is a consumer of a web service. The application: Sends a SOAP message to a British Government Server to get an authentication token based on the arugments passed Retrieves a response from that server in the form of a string which contains the authentication token. I have a template of the SOAP message from the British Government, and a WSDL file for the service. What I have tried Add a service reference using the WSDL file. I received the following error: URI formats are not supported. Add a Web Reference using the URL of the service. I received the following error: The request failed with HTTP status 405: Method Not Allowed. Send the SOAP request using a POST. The Call to GetResponse() threw a 500 External Server Error. NOTE: I am using VS 2005 WSDL: <?xml version="1.0" encoding="utf-8"?> <definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:conv="http://www.openuri.org/2002/04/soap/conversation/" xmlns:cw="http://www.openuri.org/2002/04/wsdl/conversation/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:jms="http://www.openuri.org/2002/04/wsdl/jms/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:s1="https://tpvs.hmrc.gov.uk/dpsauthentication" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" targetNamespace="https://tpvs.hmrc.gov.uk/dpsauthentication"> <types> <s:schema elementFormDefault="qualified" targetNamespace="https://tpvs.hmrc.gov.uk/dpsauthentication" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns="https://tpvs.hmrc.gov.uk/dpsauthentication"> <s:element name="DPSrequestToken"> <s:complexType> <s:sequence> <s:element name="version" type="s:int"/> <s:element name="vendorID" type="s:string" minOccurs="0"/> </s:sequence> </s:complexType> </s:element> <s:element name="DPSrequestTokenResponse"> <s:complexType> <s:sequence> <s:element name="DPSrequestTokenResult" type="s:string" minOccurs="0"/> </s:sequence> </s:complexType> </s:element> </s:schema> </types> <message name="DPSrequestTokenSoapIn"> <part name="parameters" element="s1:DPSrequestToken"/> </message> <message name="DPSrequestTokenSoapOut"> <part name="parameters" element="s1:DPSrequestTokenResponse"/> </message> <portType name="dpsauthenticationSoap"> <operation name="DPSrequestToken"> <input message="s1:DPSrequestTokenSoapIn"/> <output message="s1:DPSrequestTokenSoapOut"/> </operation> </portType> <binding name="dpsauthenticationSoap" type="s1:dpsauthenticationSoap"> <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> <operation name="DPSrequestToken"> <soap:operation soapAction="https://tpvs.hmrc.gov.uk/dpsauthentication/DPSrequestToken" style="document"/> <input> <soap:body use="literal"/> </input> <output> <soap:body use="literal"/> </output> </operation> </binding> <service name="dpsauthentication"> <port name="dpsauthenticationSoap" binding="s1:dpsauthenticationSoap"> <soap:address location="https://dps.ws.hmrc.gov.uk/dpsauthentication/service"/> </port> </service> </definitions> SOAP: <!-- v1.1 30/11/2007 --> <!-- 24/10/2011 - minor change to remove duplicated text from <Envelope> element. No impact on validation, therefore not re-versioned. --> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <SOAP-ENV:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken> <wsse:Username>as advised by SDS team</wsse:Username> <wsse:Password>as advised by SDS team</wsse:Password> </wsse:UsernameToken> </wsse:Security> </SOAP-ENV:Header> <SOAP-ENV:Body> <m:DPSrequestToken xmlns:m="https://tpvs.hmrc.gov.uk/dpsauthentication"> <m:version>1</m:version> <m:vendorID>your 4 digit vendorID</m:vendorID> </m:DPSrequestToken> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

    Read the article

  • Clickonce intranet application trust

    - by Mark
    Hi, we have a VSTO outlook add-in we'd like to silently deploy to everyone via AD. I'm signing the App with a "Code signing" certificate (requested certmgr from AD). If I add this certificate to my Trusted Publishers, then I can silently install the signed app via the VSTOInstaller.exe (with the /S switch). We don't want to have to install my certificate as a trusted publisher on everyone's machine - we'd like to be able to say that any code signed by a certificate issued within our AD is trusted. Is there some way to do this?

    Read the article

  • How do you protect against specific CSRF attack

    - by Saif Bechan
    I am going trough the OWASP Top 10 list of 2007 and 2010. I stumbled upon Cross Site Request Forgery (CSRF) this is often called session riding as you let the user usee his session to fulfill your wishes. Now a solution to this is adding a token to every url and this token is checked for every link. For example to vote on product x the url would be: 'http://mysite.com?token=HVBKJNKL' This looks like a solid solution to because a hacker can not guess the token. But I was thinking of the following scenario(I do not know if it is possible): You create a website with an hidden iFrame or div. After that you can load my website in it either using just the normal iFrame or ajax. When you have my website loaded hidden inside your website, and the user has a stored session, the following can be done. You can retrieve the token from the URLS, and still do all the actions needed. Is it possible to do something like this. Or is it not possible to do this cross domain.

    Read the article

  • How do I start a second console application in Visual Studio when one is already running

    - by Kettenbach
    Hi All, I am working through some examples in a WCF book. There is a Host project and Client project within a single solution. Both are console applications. The Host is the startup app, but the Client app doesn't seem to open the Console like the book says. Book says while the Host is running, run the Client. The Run button is disabled tho as it is already running. The book example definitely has them in the same solution and a single instance of Visual Studio. Anyways, what am I missing here? I have done this with two instances of VS, but I truly have never does this in a single instance. Any help is always appreciated. Cheers, ~ck in San Diego

    Read the article

  • Calling generic method in spring.net application context

    - by Bert Vandamme
    Hi, I'm trying to invoke this method in spring.net, but i'm having trouble getting the configuration right. Method: public void AddRepository(IRepository repository) where TEntity : IEntity { Repositories.Add(repository.GetType().Name, repository); } Config: <object type="Spring.Objects.Factory.Config.MethodInvokingFactoryObject, Spring.Core"> <property name="TargetObject"> <ref local="RepositoryFactory" /> </property> <property name="TargetMethod" value="AddRepository"/> <property name="Arguments"> <list> <ref object="BinaryAssetFileRepository"/> </list> </property> </object>" Is it possible to address generic methods in this way? Thx, Bert

    Read the article

  • How can I simulate this application hang scenario?

    - by Pwninstein
    I have a Windows Forms app that itself launches different threads to do different kinds of work. Occasionally, ALL threads (including the UI thread) become frozen, and my app becomes unresponsive. I've decided it may be a Garbage Collector-related issue, as the GC will freeze all managed threads temporarily. To verify that just managed threads are frozen, I spin up an unmanaged one that writes to a "heartbeat" file with a timestamp every second, and it is not affected (i.e. it still runs): public delegate void ThreadProc(); [DllImport("UnmanagedTest.dll", EntryPoint = "MyUnmanagedFunction")] public static extern void MyUnmanagedFunction(); [DllImport("kernel32")] public static extern IntPtr CreateThread( IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, out uint dwThreadId); uint threadId; ThreadProc proc = new ThreadProc(MyUnmanagedFunction); IntPtr functionPointer = Marshal.GetFunctionPointerForDelegate(proc); IntPtr threadHandle = CreateThread(IntPtr.Zero, 0, functionPointer, IntPtr.Zero, 0, out threadId); My Question is: how can I simulate this situation, where all managed threads are suspended but unmanaged ones keep on spinning? My first stab: private void button1_Click(object sender, EventArgs e) { Thread t = new Thread(new ThreadStart(delegate { new Hanger(); GC.Collect(2, GCCollectionMode.Forced); })); t.Start(); } class Hanger{ private int[] m_Integers = new int[10000000]; public Hanger() { } ~Hanger() { Console.WriteLine("About to hang..."); //This doesn't reproduce the desired behavior //while (true) ; //Neither does this //Thread.Sleep(System.Threading.Timeout.Infinite); } } Thanks in advance!!

    Read the article

  • How to implement login page using Spring Security so that it works with Spring web flow?

    - by simon
    I have a web application using Spring 2.5.6 and Spring Security 2.0.4. I have implemented a working login page, which authenticates the user against a web service. The authentication is done by defining a custom authentincation manager, like this: <beans:bean id="customizedFormLoginFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" /> <beans:property name="defaultTargetUrl" value="/index.do" /> <beans:property name="authenticationFailureUrl" value="/login.do?error=true" /> <beans:property name="authenticationManager" ref="customAuthenticationManager" /> <beans:property name="allowSessionCreation" value="true" /> </beans:bean> <beans:bean id="customAuthenticationManager" class="com.sevenp.mobile.samplemgmt.web.security.CustomAuthenticationManager"> <beans:property name="authenticateUrlWs" value="${WS_ENDPOINT_ADDRESS}" /> </beans:bean> The authentication manager class: public class CustomAuthenticationManager implements AuthenticationManager, ApplicationContextAware { @Transactional @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { //authentication logic return new UsernamePasswordAuthenticationToken(principal, authentication.getCredentials(), grantedAuthorityArray); } The essential part of the login jsp looks like this: <c:url value="/j_spring_security_check" var="formUrlSecurityCheck"/> <form method="post" action="${formUrlSecurityCheck}"> <div id="errorArea" class="errorBox"> <c:if test="${not empty param.error}"> ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message} </c:if> </div> <label for="loginName"> Username: <input style="width:125px;" tabindex="1" id="login" name="j_username" /> </label> <label for="password"> Password: <input style="width:125px;" tabindex="2" id="password" name="j_password" type="password" /> </label> <input type="submit" tabindex="3" name="login" class="formButton" value="Login" /> </form> Now the problem is that the application should use Spring Web Flow. After the application was configured to use Spring Web Flow, the login does not work anymore - the form action to "/j_spring_security_check" results in a blank page without error message. What is the best way to adapt the existing login process so that it works with Spring Web Flow?

    Read the article

  • What is the correct way to configure a spring TextEncryptor for use on Heroku

    - by Ollie Edwards
    I have a spring TextEncryptor defined like this <bean id="textEncryptor" class="org.springframework.security.crypto.encrypt.Encryptors" factory-method="text"> <constructor-arg value="${security.encryptPassword}" /> <constructor-arg value="${security.encryptSalt}" /> </bean> Which is fed these properties security.encryptPassword=47582920264f212c566d5e5a6d security.encryptSalt=39783e315e6a207e733d6f4141 Which works fine on my local environment. When I deploy to Heroku I get java.lang.IllegalArgumentException: Unable to initialize due to invalid secret key at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:110) at org.springframework.security.crypto.encrypt.AesBytesEncryptor.encrypt(AesBytesEncryptor.java:65) at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.encrypt(HexEncodingTextEncryptor.java:36) ... Caused by: java.security.InvalidKeyException: Illegal key size at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:972) at javax.crypto.Cipher.implInit(Cipher.java:738) at javax.crypto.Cipher.chooseProvider(Cipher.java:797) at javax.crypto.Cipher.init(Cipher.java:1276) at javax.crypto.Cipher.init(Cipher.java:1215) at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:105) ... 53 more So I tried some smaller keys but I always get the same problem. What is the correct key size to use on Heroku?

    Read the article

  • What development technologies or technology stack is typically used in the security industry?

    - by vfilby
    In this case security means building security (access control, alarm systems, etc). And I am not talking about working directly with the hardware, more focused on web based applications/api's that clients or companies can use? Are there technologies that are commonly used? Are there technologies that shouldn't be used? Are there any real benefits to a linux based stack as opposed to a windows based stack for exposing web based applications?

    Read the article

  • How use applicationSettings in the new web.config configuration in VS2010?

    - by citronas
    I'm used to use web deployment projects. Currently I am developing a new web application with VS2010 and want to try to get along with the new web.config principle and deployment issues. How can I replace a simple setting like <applicationSettings> <NAMESPACE> <setting name="Testenvironment" serializeAs="String"> <value>True</value> </setting> </NAMESPACE> </applicationSettings> I want to have this setting to be set to True in Debug, and false in Release. How must the entries in the Web.Debug.config and Web.Release.Config look like? And by the way: Is there some documentation about the new web.config issue? Can't seem to google for the correct keywords.

    Read the article

  • Am I under risk of CSRF attacks in a POST form that doesn't require the user to be logged in?

    - by Monika Sulik
    I'm probably being a total noob here, but I'm still uncertain about what a CSRF (Cross-Site Request Forgery) attack is exactly. So lets look at three situations... 1) I have a POST form that I use to edit data on my site. I want this data to be edited only by users that are logged in. 2) I have a site, which can be used by both users who are logged in as well as guests. Parts of the site are for logged in users only, but there are also POST forms that can be used by all users - anonymous and not (for example a standard contact form). Should the contact form be safeguarded against CSRF attacks? 3) I have a site which doesn't have an authentication system at all (well, perhaps that's unrealistic, so lets say it has an admin site which is separate from the rest of it and the admin part is properly safeguarded). The main part of the site is only used by anonymous users. Do the POST forms on it need to be safeguarded? In the case of 1) the answer is clearly yes. But in the case of 2 and 3 I don't know (and is the difference between 2 and 3 even significant?).

    Read the article

  • one high-end server with one Application Server or multiple Application Servers?

    - by elgcom
    If I have a high-end server, for example with 1T memory and 8x4core CPU... will it bring more performance if I run multiple App Server (on different JVM) rather than just one App Server? On App Server I will run some services (EAR whith message driven beans) which exchange message with each other. btw, has java 64bit now no memory limitation any more? http://java.sun.com/products/hotspot/whitepaper.html#64

    Read the article

  • Securing Files over Web: Fine Grained Authorization Based File Access

    - by Nishant
    I have a system where employees can upload files. There are three ways Upload to my account in public, private or protected mode Upload to department account in public, private or protected mode Upload to organization account in public, private or protected mode where public is visible to anyone, private to the group or person only and protected to anyone in the organization. All the files for an organization are stored in a directory say, /files/<organizationId>/, on file server like files +-- 234809 | +img1.jpg | +doc1.pdf +-- 808234 | +doc2.pdf I am storing file-path and privacy level in DB. So, I can control whether to show link to a file URL to an user -- on a given page. The problem is, I do not have any control over file's URL... so, if some one types the URL to img1.jpg in his browser's address bar, there is no way to know whether a logged in user is eligible to see img1.jpg. Any suggestion? Thanks Nishant

    Read the article

  • Unable to authenticate in imap server through windows application

    - by Nila
    In C#,I'm using LumiSoft.Net.IMAP.Client library to connect to the imap server and I'm viewing my emails through that class library... I used it for more than 5 months. Now, when I tried to authenticate, it shows the following exception (even though the server is connected..) Server returned:CAPABILITY IMAP4rev1 UNSELECT LITERAL+ IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE I searched for this error. I came to know that the imap server protocol was changed so, this error occurs. Now, Wat I should do for that, whether to change my class library ?? Plz, help me...

    Read the article

  • Vietnamese character in .NET Console Application (UTF-8)

    - by DucDigital
    Im trying to write down an UTF8 string (Vietnamese) into C# Console but no success. Im running on windows 7. I tried to use the Encoding class that convert string to char[] to byte[] and then to String, but no help, the string is input directly fron the database. Here is some example Tôi tên là Ð?c, cu?c s?ng th?t vui v? tuy?t v?i It does not show the special character like : Ð or ?... instead it show up ?, much worse with the Encoding class. Does anyone can try this out or know about this problem? Thank you My code static void Main(string[] args) { XDataContext _new = new XDataContext(); Console.OutputEncoding = Encoding.GetEncoding("UTF-8"); string srcString = _new.Posts.First().TITLE; Console.WriteLine(srcString); // Convert the UTF-16 encoded source string to UTF-8 and ASCII. byte[] utf8String = Encoding.UTF8.GetBytes(srcString); byte[] asciiString = Encoding.ASCII.GetBytes(srcString); // Write the UTF-8 and ASCII encoded byte arrays. Console.WriteLine("UTF-8 Bytes: {0}", BitConverter.ToString(utf8String)); Console.WriteLine("ASCII Bytes: {0}", BitConverter.ToString(asciiString)); // Convert UTF-8 and ASCII encoded bytes back to UTF-16 encoded // string and write. Console.WriteLine("UTF-8 Text : {0}", Encoding.UTF8.GetString(utf8String)); Console.WriteLine("ASCII Text : {0}", Encoding.ASCII.GetString(asciiString)); Console.WriteLine(Encoding.UTF8.GetString(utf8String)); Console.WriteLine(Encoding.ASCII.GetString(asciiString)); } and here is the outstanding output Nhà báo Ä‘i há»™i báo Xuân UTF-8 Bytes: 4E-68-C3-A0-20-62-C3-A1-6F-20-C4-91-69-20-68-E1-BB-99-69-20-62-C3- A1-6F-20-58-75-C3-A2-6E ASCII Bytes: 4E-68-3F-20-62-3F-6F-20-3F-69-20-68-3F-69-20-62-3F-6F-20-58-75-3F- 6E UTF-8 Text : Nhà báo Ä‘i há»™i báo Xuân ASCII Text : Nh? b?o ?i h?i b?o Xu?n Nhà báo Ä‘i há»™i báo Xuân Nh? b?o ?i h?i b?o Xu?n Press any key to continue . . .

    Read the article

  • Rapid Application Development Articles

    - by Micheal
    I'm writing a project and I need to use a certain number of journal articles. I'm having real trouble finding journal articles on RAD though. It seems to be mostly books that I can find. Can anyone recommend any good articles to get me started?

    Read the article

  • How Can I Find Out *HOW* My Site Was Hacked? How Do I Find Site Vulnerabilities?

    - by Imageree
    One of my custom developed ASP.NET sites was hacked today: "Hacked By Swan (Please Stop Wars !.. )" It is using ASP.NET and SQL Server 2005 and IIS 6.0 and Windows 2003 server. I am not using Ajax and I think I am using stored procedures everywhere I am connecting to the database so I dont think it is SQL injection. I have now removed the write permission on the folders. How can I find out what they did to hack the site and what to do to prevent it from happening again? The server is up to date with all Windows updates. What they have done is uploading 6 files (index.asp, index.html, index.htm,...) to the main directory for the website. What log files should I upload? I have log files for IIS from this folder: c:\winnt\system32\LogFiles\W3SVC1. I am willing to show it to some of you but don't think it is good to post on the Internet. Anyone willing to take a look at it? I have already searched on Google but the only thing I find there are other sites that have been hacked - I haven't been able to see any discussion about it. I know this is not strictly related to programming but this is still an important thing for programmers and a lot of programmers have been hacked like this.

    Read the article

  • C# console application

    - by Andy
    I have sample exe say console.exe on "programfiles\myAppFolder" .It serves the purpose of logging the message to eventviewer EventLog.WriteEntry(sSource, sEvent, EventLogEntryType.Warning, 234); But whenever I click on the exe I need to call this exe on un-install of appcn from NSIS script .However it gives me an error always that "thisappConsole has encountered a problem and needs to close. We are sorry for the inconvenience." Can anyone help me with this. If I put any other sample consoleapp without any additional "using statements". it works ..

    Read the article

  • How to give you website customers a secure feeling

    - by Saif Bechan
    I was wondering how you can give your website customers the confidence that you are not tinkering with the database values. I am planning on running a website which falls in the realm of an online game. There is some kind of credit system involved that people have to pay for. Now I was wondering how sites like this ensure there customers that there is no foul play in the database itself. As I am the database admin i can pretty much change all the values from within without anyone knowing i did. Hence letting someone win that does not rightfully is the winner. Is it maybe an option to decrypt en encrypt the credits people have so i can't change them. Or is there maybe a company i can hire that checks my company for foul play.

    Read the article

  • Windows GUI application when user is not logged in?

    - by Tiax
    I've written a Autoit script that starts a GUI application, when the application starts there is a login form. The scripts fills the login form and tries to log in. Then it records the time it took to login to the application and shuts the application down afterwards, writes a output file with the time it took. The thing is, I can't get the application to start unless Im logged in as the user the Scheduled task is running on. So my question is: Is there any way to start a GUI application even though the user isn't logged in? Or is the only way to have a user always logged in?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 150 151 152 153 154 155 156 157 158 159 160 161  | Next Page >